Christian Biere wrote:
> >Synopsis: login might not back-off as expected
> >Confidential: no
> >Severity: non-critical
> >Priority: low
This would have to be changed to "login might sleep forever" and I'd
rate this rather "serious" although it wouldn't happen with the default
settings.
> Due to a hardcoded value in the back-off time calculation code the
> time to back-off can become negative. As this value is (automatically)
> casted to an unsigned int, sleep() is called with a pretty uge value.
> As this exceeds 1000000000 sleep returns immediately.
This was a bug in the kernel which has been fixed meanwhile. So this
negative value will really cause login to sleep for a *very* long time
if you enter a wrong password.
--
Christian